NftTable

Description

The NftTable object represents an nftables table. It consists of a set of chains that are processed according to the family property.

This object was introduced in InCore 2.1.

› Inherits: Object
› Inherited by: NftAddressTranslation, NftFlow

Properties

chains

This property holds a list of chains for this table.

› Type: List<NftChain>
› Signal: chainsChanged()
› Attributes: Readonly

enabled

This property holds whether the table is enabled, i.e. it should be included in the firewall configuration.

› Type: Boolean
› Default: true
› Signal: enabledChanged()
› Attributes: Writable

family

This property holds the family of the Netfilter table. See the NftTable.Family enum for details.

› Type: Family
› Default: NftTable.IP
› Signal: familyChanged()
› Attributes: Writable

name

This property holds the name of the firewall table, e.g. filter.

› Type: String
› Signal: nameChanged()
› Attributes: Writable

Signals

chainsDataChanged(SignedInteger index)

This signal is emitted whenever the List.dataChanged() signal is emitted, i.e. the item at index in the chains list itself emitted the dataChanged() signal.

Enumerations

Family

This enumeration describes the supported address families for which traffic/packets can be processed by tables. See the nftables documentation on families for further details.

| Name | Value | Description |
|------|-------|-------------|
| NftTable.IP | 0 | Tables of this family will see IPv4 traffic/packets. |
| NftTable.IP6 | 1 | Tables of this family will see IPv6 traffic/packets. |
| NftTable.INet | 2 | Tables of this family will see both IPv4 and IPv6 traffic/packets; the family is designed to improve dual-stack support. Both IPv4 and IPv6 packets will traverse the same rules. Rules for IPv4 packets won’t affect IPv6 packets. Rules for both L3 protocols will affect both. |
| NftTable.ARP | 3 | Tables of this family will see ARP-level (i.e. L2) traffic, before any L3 handling is done. |
| NftTable.Bridge | 4 | Tables of this family will see traffic/packets traversing bridges (i.e. switching). No assumptions are made about L3 protocols. |
| NftTable.NetDev | 5 | This family provides the ingress hook, which allows classifying packets that the driver has just passed up to the networking stack. This means the table sees all network traffic entering the NIC. No assumptions are made about L2 or L3 protocols, therefore ARP traffic can be filtered from here. |
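
The family semantics above, written as native nftables rulesets for the default NftTable.IP family and for NftTable.INet. This is an added example, not part of the InCore documentation; the table names, ports and documentation address ranges are assumptions.

```nft
# Constructed example: names, ports and address ranges are illustrative.
# The two tables are alternatives; load one or the other.

# Alternative A: family ip (NftTable.IP, the default).
# The drop policy covers IPv4 only. IPv6 packets never traverse this
# table, so on a dual-stack host it does not filter them at all.
table ip filter_v4 {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
    }
}

# Alternative B: family inet (NftTable.INet).
# IPv4 and IPv6 packets traverse the same chain and the same policy.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept

        # Rules with an L3 match only affect packets of that protocol.
        ip saddr 192.0.2.0/24 tcp dport 22 accept
        ip6 saddr 2001:db8::/32 tcp dport 22 accept

        # Rules without an L3 match affect IPv4 and IPv6 alike.
        tcp dport 443 accept

        # Under a drop policy, IPv6 neighbour discovery must be
        # accepted explicitly or IPv6 connectivity breaks.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }
}
```

When a table is left at the default family on a host that has IPv6 addresses, check that a second table of family NftTable.IP6, or a single NftTable.INet table, covers the IPv6 side.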

Example

See the NftFirewall example for how to use NftTable.